Language Selection

English French German Italian Portuguese Spanish

Microsoft, Linux vendors slow to fix flaw

Filed under
Security

Colin Percival detailed the vulnerability -- which affects versions of Intel's CPU that use a technology called hyper-threading -- at a conference on May 13.

The vulnerability could allow hackers to steal sensitive information such as passwords on servers configured to allow multiple users to login simultaneously.

The FreeBSD security team member has received formal responses to the issue from the makers of the BSD family of open-source operating systems, as well as SCO and Ubuntu Linux. However, Linux vendors Red Hat, Novell and Mandriva as well as Microsoft have been slow to act.

"Given that I reported this problem in early March, I really think that they [Microsoft and Linux vendors] should have had a patch over a month ago -- in time to test it extensively before releasing it on May 13th," Percival told ZDNet Australia .

"I made it quite clear to everyone that I would be releasing my paper on that date and that they should make sure they were ready by then," he added.

Although the problem only affects multi-user servers, these machines are widely used. "The most obvious example is shared Web servers, which constitutes the vast majority of small e-commerce sites," he said. "On these systems the flaw is very serious."

Full Story.

More in Tux Machines

Leftovers: Software

today's howtos

Leftovers: Gaming

  • See How Your Linux System Stacks Up To 15 GPUs For 1080p Gaming
    This week I posted the results of a 15-way graphics card comparison on Ubuntu Linux with AMD Radeon and NVIDIA GeForce graphics cards while running the very latest proprietary drivers. Those tests were focused on 4K resolution testing in order to stress the latest-generation AMD/NVIDIA GPUs. However, if you want to see 1080p numbers, here are some benchmark-friendly results.
  • Victor Vran Action RPG Is Now Available on Steam for Linux
    Victor Vran, an isometric action RPG developed by Haemimont Games and published by EuroVideo Medien on Steam, has been released on Linux as well. The genre of isometric action RPGs is a very well defined one and it incorporates titles like Diablo. Victor Vran has been very well received by the community and the Linux platform has been supported right from the start.

Red Hat News